
<?php
include ('mysqlfunctions.php');
session_start();
$host="localhost"; 
$db_name="test";
$tbl_name="members"; 

// Connect or die
mysql_connect("$host", "", "")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

// Submit values
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];

	// XSS check
	$myusername = cleanXSS($myusername);
	$mypassword = cleanXSS($mypassword);
	$mypassword = md5($mypassword);
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

// Count number of results
$count=mysql_num_rows($result);


if($count>=1){

// Set session values
$_SESSION['myusername'] = $myusername;
$_SESSION['mypassword'] = $mypassword;
header("location:successful_login.php");
}
else {
// Send error message of invalid password
session_start();
$_SESSION['loginerror'] = "TRUE";
header("location:index.php");
}
?>